Description

The autocomplete callback implemented by this module does not honor node permissions to access existing fields, allowing users to see field values even though they are not authorized to access that information.

This vulnerability is mitigated by the fact that an attacker must have a role with the permission to create or edit content.